#Impersonate a Customer
hi @trail thicket - it heavily depends on the framework of your storefront (keep in mind that your question has nothing to do with Medusa - it is rather about how you are handling authentication on your storefront). I think you can try to start with https://stackoverflow.com/questions/10836722/how-would-you-implement-view-site-as-a-different-user-feature
Hm. @humble wolf - Our frontend is a React site, using Medusa's APIs to log in a customer and set the session. Not sure how this is not related to the Medusa backend.
I need to create a backend route that:
- Validates the logged in user hitting the route is an Admin
- "logs in" the current browser, completely replacing the session
It is #2 that I'm having trouble understanding how to actually implement elegantly in Medusa
I think what I'm really asking is how/where can I see that a session is set up after auth calls? If that makes sense.
hi @trail thicket - when I was talking about the storefront implementation, my point was that if you are an admin you have full access to everything. So in theory, you can implement it in such a way that if you go to the route "mystorefront.com/cart/see-as-user="customer"", then the storefront can use the admin API with the "customer" to get the cart of the customer.
Note: I am assuming it is possible to execute Admin routes from the storefront, but I did not check it unfortunately.
This is a theoretically good suggestion @humble wolf - but specifically, we are using the medusajs client to authenticate. The only way to do so, or even to get a token for a user to subsequently use later, is to pass a user/pass in to the auth methods of the client.
Consider that as an admin, I won't have the password of the user.
I would like to have the client have the cookie set to the user I want to impersonate, so ALL the code we've already written to use the medusajs client would "just work".
If you (or anyone) has a real answer, not theoretical, for how to do so, I would appreciate it.
I am shocked impersonation isn't already baked into the client - who runs an ecommerce store without being able to do this?
Primarily, I need to understand where the cookie for the auth session is set exactly - and how is it being passed around. If you, or anyone, has information on this, that would be helpful.
hi @trail thicket - when you say "real answer", I guess you are looking for a specific implementation, and unfortunately you won't get it, because it is very complex and depends on a lot of things. You will end up with your own custom solution anyway. There is no magic "switch" which will give you this functionality - it needs to be written.
On the other hand, I am surprised that you are asking who runs an ecommerce store without being able to do this. As an admin you have full access to all information. You can get any customer instance, every cart, every order etc. You can do exactly the same fetches as the client and see exactly the same information as the client, but it is not provided out of the box - you need to write it.